示例#1
    def test_success(self, mocked_execute_call_v2, circuits_app,
                     mcafee_esm_alarm_triggered_time_range,
                     mcafee_esm_alarm_triggered_start_time,
                     mcafee_esm_alarm_triggered_end_time, expected_results):
        """Run the triggered-alarms function against two canned replies.

        The mocked ``execute_call_v2`` yields, in order, a status reply and a
        one-element alarm list. The function result, with its ``metrics``
        entry removed, must equal ``expected_results``.
        """
        status_reply = {"status": "success"}
        # presumably the first reply answers the ESM login call - confirm
        # against the client code, which is not shown here.
        alarm_records = [{
            "severity": 50,
            "summary": "Signature ID 'Failed User Logon' (306-31) match found",
            "assignee": "admin",
            "triggeredDate": "08/27/2018 18:47:14",
            "acknowledgedDate": "",
            "acknowledgedUsername": "",
            "alarmName": "Failed User Logon",
            "conditionType": 22,
            "id": 8195,
        }]
        # side_effect hands out one response per call, in this order.
        mocked_execute_call_v2.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, alarm_records)
        ]

        function_params = dict(
            mcafee_esm_alarm_triggered_time_range=(
                mcafee_esm_alarm_triggered_time_range),
            mcafee_esm_alarm_triggered_start_time=(
                mcafee_esm_alarm_triggered_start_time),
            mcafee_esm_alarm_triggered_end_time=(
                mcafee_esm_alarm_triggered_end_time),
        )

        results = call_mcafee_esm_get_triggered_alarms_function(
            circuits_app, function_params)
        # "metrics" is dropped before the comparison; a missing key raises
        # KeyError and fails the test.
        results.pop("metrics")
        assert expected_results == results
    def test_success(self, mocked_requests_post, circuits_app,
                     mcafee_esm_edit_case_json, mcafee_esm_case_id,
                     expected_results):
        """Run the edit-case function against three canned POST replies.

        The mocked POST yields a status reply, a full case record and an
        empty JSON object, in that order. The function result, with its
        ``metrics`` entry removed, must equal ``expected_results``.
        """
        status_reply = {"status": "success"}
        case_record = {
            "dataSourceList": None,
            "assignedTo": 1,
            "orgId": 1,
            "closeTime": "08/22/2018 21:27:34",
            "eventList": [],
            "deviceList": None,
            "notes": [{
                "changes": [],
                "content": "",
                "username": "******",
                "action": "Open",
                "timestamp": "08/22/2018 21:27:34(GMT)",
            }],
            "noteAdded": "",
            "history": [{
                "changes": [],
                "content": "",
                "username": "******",
                "action": "Viewed",
                "timestamp": "08/22/2018 21:28:24(GMT)",
            }],
            "severity": 1,
            "summary": "test5",
            "openTime": "08/22/2018 21:27:34",
            "id": 8194,
            "statusId": {"value": 1},
        }
        # One response per POST, consumed in this order.
        mocked_requests_post.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, case_record, {})
        ]

        function_params = dict(
            mcafee_esm_edit_case_json=mcafee_esm_edit_case_json,
            mcafee_esm_case_id=mcafee_esm_case_id,
        )

        results = call_mcafee_esm_edit_case_function(circuits_app,
                                                     function_params)
        # "metrics" is dropped before the comparison.
        results.pop("metrics")
        assert expected_results == results
    def test_query_esm(self, mocked_requests_common):
        """Check what ``query_esm`` returns for a canned query exchange.

        ``execute_call_v2`` on the mocked client is replaced with a
        ``MagicMock`` that yields a query-creation reply and then a status
        reply. ``query_esm`` must return the JSON string
        ``'{"resultID": "123456789"}'`` and the value 1, which equals
        ``totalRecords`` in the second reply.
        """
        ops = check_config(t_config_data)
        query_reply = {
            "totalRows": 0,
            "resultID": "123456789",
            "totalResultID": "0",
            "groupByString": "",
            "countColumn": 0,
            "labelColumn": 0,
            "attributeColumn": 0,
            "drilldownColumn": 1,
        }
        status_reply = {
            'totalRecords': 1,
            'complete': True,
            'milliseconds': 5,
            'percentComplete': 100,
        }
        mocked_requests_common.execute_call_v2 = MagicMock(side_effect=[
            generate_response(query_reply, 200),
            generate_response(status_reply, 200),
        ])

        # Query body as a JSON string: custom time range, eleven fields and
        # one filter (DSIDSigID IN "306-50080").
        data = '{"config": {"timeRange": "CUSTOM", "customStart": "2018-08-15T14:49:25.324Z", "customEnd": "2018-08-20T15:49:25.324Z", "order": [{"direction": "ASCENDING", "field": {"name": "FirstTime"}}], "includeTotal": "false", "fields": [{"name": "FirstTime"}, {"name": "LastTime"}, {"name": "DSIDSigID"}, {"name": "EventCount"}, {"name": "SrcIP"}, {"name": "Rule.msg"}, {"name": "AppID"}, {"name": "Filename"}, {"name": "HostID"}, {"name": "Object_Type"}, {"name" : "Threat_Name"}], "filters": [{"type": "EsmFieldFilter", "field": {"name": "DSIDSigID"}, "operator": "IN", "values": [{"type": "EsmBasicValue", "value": "306-50080"}]}]}}'
        result_id_json, total_records = query_esm(
            mocked_requests_common, ops, {}, data, "EVENT")

        assert 1 == total_records
        assert '{"resultID": "123456789"}' == result_id_json
    def test_success(self, mocked_requests_post, circuits_app, expected_results):
        """Run the list-of-cases function with no inputs and canned replies.

        The mocked POST yields a status reply and then a two-element case
        list. The function result, with its ``metrics`` entry removed, must
        equal ``expected_results``.
        """
        status_reply = {"status": "success"}
        case_summaries = [
            {
                "severity": 2,
                "summary": "test3",
                "openTime": "08/09/2018 21:07:29",
                "id": 2,
                "statusId": {"value": 1},
            },
            {
                "severity": 1,
                "summary": "test3",
                "openTime": "08/10/2018 19:18:43",
                "id": 3,
                "statusId": {"value": 1},
            },
        ]
        # One response per POST, consumed in this order.
        mocked_requests_post.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, case_summaries)
        ]

        # This function takes no input parameters.
        function_params = {}

        results = call_mcafee_esm_get_list_of_cases_function(
            circuits_app, function_params)
        results.pop("metrics")
        assert expected_results == results
    def test_case_get_list_of_cases(self, mocked_requests_post):
        """Check that ``case_get_case_list`` returns the canned case list.

        The mocked POST yields a status reply and then a two-element case
        list; the helper must return that list unchanged.
        """
        ops = check_config(t_config_data)
        status_reply = {"status": "success"}
        case_summaries = [
            {
                "severity": 2,
                "summary": "test3",
                "openTime": "08/09/2018 21:07:29",
                "id": 2,
                "statusId": {"value": 1},
            },
            {
                "severity": 1,
                "summary": "test3",
                "openTime": "08/10/2018 19:18:43",
                "id": 3,
                "statusId": {"value": 1},
            },
        ]
        # One response per POST, consumed in this order.
        mocked_requests_post.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, case_summaries)
        ]

        actual_response = case_get_case_list(ops)
        assert case_summaries == actual_response
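    def test_case_edit_case_details(self, mocked_requests_post):
        """Check that ``case_edit_case_details`` completes and issues a POST.

        The mocked POST yields a status reply, a full case record and an
        empty JSON object, in that order. The helper returns nothing, so the
        test passes when the call raises no exception and the mocked POST
        was used at least once.
        """
        ops = check_config(t_config_data)
        status_reply = {"status": "success"}
        case_record = {
            "dataSourceList": None,
            "assignedTo": 1,
            "orgId": 1,
            "closeTime": "08/22/2018 21:27:34",
            "eventList": [],
            "deviceList": None,
            "notes": [{
                "changes": [],
                "content": "",
                "username": "******",
                "action": "Open",
                "timestamp": "08/22/2018 21:27:34(GMT)",
            }],
            "noteAdded": "",
            "history": [{
                "changes": [],
                "content": "",
                "username": "******",
                "action": "Viewed",
                "timestamp": "08/22/2018 21:28:24(GMT)",
            }],
            "severity": 1,
            "summary": "test5",
            "openTime": "08/22/2018 21:27:34",
            "id": 8194,
            "statusId": {"value": 1},
        }
        # One response per POST, consumed in this order.
        mocked_requests_post.side_effect = [
            generate_response(status_reply, 200),
            generate_response(case_record, 200),
            generate_response({}, 200),
        ]

        payload = {
            "caseDetail": {
                "summary": "This is a new summary",
                "severity": "2"
            }
        }

        case_edit_case_details(ops, payload, 1)
        # The helper returns nothing; a bare `assert True` would pass even if
        # it never contacted the (mocked) server, so check the mock was used.
        # NOTE(review): how many of the three replies are consumed is not
        # visible here, so only "called at least once" is asserted.
        assert mocked_requests_post.called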
示例#7
    def test_get_case_event_detail(self, mocked_requests_post):
        """Check that ``case_get_case_events_details`` returns the canned events.

        The mocked POST yields a status reply and then a one-element event
        list; the helper, called with the value 1, must return that list
        unchanged.
        """
        ops = check_config(t_config_data)
        status_reply = {"status": "success"}
        event_records = [{
            "lastTime": "08/22/2018 17:39:05",
            "id": "144115188075855872|1422",
            "message": "Failed User Logon",
        }]
        # One response per POST, consumed in this order.
        mocked_requests_post.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, event_records)
        ]

        actual_response = case_get_case_events_details(ops, 1)
        assert event_records == actual_response
示例#8
    def test_success(self, mocked_execute_call_v2, circuits_app, mcafee_event_ids_list, expected_results):
        """Run the case-events-detail function against two canned replies.

        The mocked ``execute_call_v2`` yields a status reply and then a
        one-element event list. The function result, with its ``metrics``
        entry removed, must equal ``expected_results``.
        """
        status_reply = {"status": "success"}
        event_records = [{
            "lastTime": "08/22/2018 17:39:05",
            "id": "144115188075855872|1422",
            "message": "Failed User Logon",
        }]
        # One response per call, consumed in this order.
        mocked_execute_call_v2.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, event_records)
        ]

        function_params = dict(mcafee_event_ids_list=mcafee_event_ids_list)

        results = call_mcafee_esm_get_case_events_detail_function(
            circuits_app, function_params)
        results.pop("metrics")
        assert expected_results == results
    def test_case_get_list_of_cases(self, mocked_requests_post):
        """Check that ``alarm_get_triggered_alarms`` returns the canned alarms.

        NOTE(review): the method name says "list of cases", but the call
        under test is ``alarm_get_triggered_alarms``.

        The mocked POST yields a status reply and then a one-element alarm
        list; the helper must return that list unchanged.
        """
        ops = check_config(t_config_data)
        status_reply = {"status": "success"}
        alarm_records = [{
            "severity": 50,
            "summary": "Signature ID 'Failed User Logon' (306-31) match found",
            "assignee": "admin",
            "triggeredDate": "08/27/2018 18:47:14",
            "acknowledgedDate": "",
            "acknowledgedUsername": "",
            "alarmName": "Failed User Logon",
            "conditionType": 22,
            "id": 8195,
        }]
        # One response per POST, consumed in this order.
        mocked_requests_post.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, alarm_records)
        ]
        params = dict(triggeredTimeRange="CURRENT_DAY")

        actual_response = alarm_get_triggered_alarms(ops, params)
        assert alarm_records == actual_response
    def test_case_edit_case_details(self, mocked_requests_post):
        """Check that ``case_get_case_detail`` returns the canned case record.

        NOTE(review): the method name says "edit case details", but the call
        under test is ``case_get_case_detail``.

        The mocked POST uses ``return_value``, so every POST made during the
        call receives the same case record; the helper must return it
        unchanged.
        """
        ops = check_config(t_config_data)
        case_record = {
            "dataSourceList": None,
            "assignedTo": 1,
            "orgId": 1,
            "closeTime": "08/22/2018 21:27:34",
            "eventList": [],
            "deviceList": None,
            "notes": [{
                "changes": [],
                "content": "",
                "username": "******",
                "action": "Open",
                "timestamp": "08/22/2018 21:27:34(GMT)",
            }],
            "noteAdded": "",
            "history": [{
                "changes": [],
                "content": "",
                "username": "******",
                "action": "Viewed",
                "timestamp": "08/22/2018 21:28:24(GMT)",
            }],
            "severity": 1,
            "summary": "test5",
            "openTime": "08/22/2018 21:27:34",
            "id": 8194,
            "statusId": {"value": 1},
        }
        canned_response = generate_response(case_record, 200)
        mocked_requests_post.return_value = canned_response

        case = case_get_case_detail(ops, {}, 1)

        assert case_record == case
    def test_get_authenticated_headers(self, mocked_requests_post):
        """Check the header dict built by ``get_authenticated_headers``.

        The mocked POST returns a ``{"status": "success"}`` reply. The
        helper must produce JSON/no-cache headers plus a ``JWTToken`` cookie
        and an ``X-Xsrf-Token`` header carrying the mock token values.
        """
        ops = check_config(t_config_data)
        login_reply = {"status": "success"}
        mocked_requests_post.return_value = generate_response(login_reply, 200)

        # Placeholder tokens only; presumably supplied by generate_response,
        # which is not shown here - confirm.
        expected_headers = {
            "content-type": "application/json",
            "cache-control": "no-cache",
            "Cookie": "JWTToken=mock_cookie_token",
            "X-Xsrf-Token": "mock_header_token",
        }

        esm_url = ops.get("esm_url")
        esm_username = ops.get("esm_username")
        esm_password = ops.get("esm_password")
        # NOTE(review): verify_cert is passed through, but this test does not
        # assert that it reaches the HTTP call; a regression that stops
        # honouring certificate verification would not be caught here.
        verify_cert = ops.get("verify_cert")
        actual_headers = get_authenticated_headers(
            esm_url, esm_username, esm_password, verify_cert)

        assert expected_headers == actual_headers
    def test_get_results(self, mocked_requests_common):
        """Check that ``get_results`` returns the canned result set.

        ``execute_call_v2`` on the mocked client is replaced with a
        ``MagicMock`` whose every call returns one row of eleven values
        under eleven named columns; the helper must return that content
        unchanged for result ID "123456789".
        """
        ops = check_config(t_config_data)
        column_names = (
            u'Alert.FirstTime',
            u'Alert.LastTime',
            u'Alert.DSIDSigID',
            u'Alert.EventCount',
            u'Alert.SrcIP',
            u'Rule.msg',
            u'Alert.BIN(1)',
            u'Alert.4259843',
            u'Alert.BIN(4)',
            u'Alert.BIN(10)',
            u'Alert.65538',
        )
        result_set = {
            u'rows': [{
                u'values': [
                    u'08/20/2018 14:58:23',
                    u'08/20/2018 14:58:23',
                    u'306-50080',
                    u'1',
                    u'::',
                    u'A physical network interface connection has been made or removed',
                    u'', u'', u'', u'', u'',
                ]
            }],
            u'columns': [{u'name': name} for name in column_names],
        }
        mocked_requests_common.execute_call_v2 = MagicMock(
            return_value=generate_response(result_set, 200))

        response = get_results(mocked_requests_common, ops, {}, "123456789")

        assert result_set == response
    def test_success(self, mocked_execute_call_v2, circuits_app,
                     mcafee_esm_qry_type, mcafee_esm_qry_config,
                     expected_results):
        """Run the ESM query function against four canned replies.

        The mocked ``execute_call_v2`` yields, in order: a status reply, a
        query-creation reply carrying ``resultID``, a completion-status
        reply, and a one-row result set. The function result, with its
        ``metrics`` entry removed, must equal ``expected_results``.
        """
        status_reply = {"status": "success"}
        query_reply = {
            "totalRows": 0,
            "resultID": "123456789",
            "totalResultID": "0",
            "groupByString": "",
            "countColumn": 0,
            "labelColumn": 0,
            "attributeColumn": 0,
            "drilldownColumn": 1,
        }
        progress_reply = {
            'totalRecords': 1,
            'complete': True,
            'milliseconds': 5,
            'percentComplete': 100,
        }
        column_names = (
            u'Alert.FirstTime',
            u'Alert.LastTime',
            u'Alert.DSIDSigID',
            u'Alert.EventCount',
            u'Alert.SrcIP',
            u'Rule.msg',
            u'Alert.BIN(1)',
            u'Alert.4259843',
            u'Alert.BIN(4)',
            u'Alert.BIN(10)',
            u'Alert.65538',
        )
        result_set = {
            u'rows': [{
                u'values': [
                    u'08/20/2018 14:58:23',
                    u'08/20/2018 14:58:23',
                    u'306-50080',
                    u'1',
                    u'::',
                    u'A physical network interface connection has been made or removed',
                    u'', u'', u'', u'', u'',
                ]
            }],
            u'columns': [{u'name': name} for name in column_names],
        }
        # One response per call, consumed in this order.
        mocked_execute_call_v2.side_effect = [
            generate_response(reply, 200)
            for reply in (status_reply, query_reply, progress_reply,
                          result_set)
        ]

        function_params = dict(
            mcafee_esm_qry_type=mcafee_esm_qry_type,
            mcafee_esm_qry_config=mcafee_esm_qry_config,
        )

        results = call_mcafee_esm_query_function(circuits_app, function_params)
        results.pop("metrics")
        assert expected_results == results